[savnet] Re: Tommy Jensen's Discuss on draft-ietf-savnet-intra-domain-problem-statement-23: (with DISCUSS and COMMENT)
Lancheng <qinlc@mail.zgclab.edu.cn> Wed, 29 April 2026 02:14 UTC
Return-Path: <qinlc@mail.zgclab.edu.cn>
X-Original-To: savnet@mail2.ietf.org
Delivered-To: savnet@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id EEB4DE553940; Tue, 28 Apr 2026 19:14:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ietf.org; s=ietf1; t=1777428859; bh=VbBsDg6Ca2aDczGrbf3j2ttkswZ2byP+gMihew+41z8=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=skIN48T6K193r9imhkJHMuy5YNoR3rt+Vf+LHpqqE+IotIawmD7t7nnqXwIkBe6VA Dl+2CJbiAwefNQRFfkWnnYgjy31ZVyUCzHqqd3epwGIge9ajNYrgxkZLOwwh098EOn fyvq2L/EkHInozeZKRqDtBn53+kwLVQVB4UpqZXU=
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.697
X-Spam-Level:
X-Spam-Status: No, score=-1.697 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=fail (1024-bit key) reason="fail (body has been altered)" header.d=mail.zgclab.edu.cn
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7vuTxJEoucPc; Tue, 28 Apr 2026 19:14:19 -0700 (PDT)
Received: from azure-sdnproxy.icoremail.net (azure-sdnproxy.icoremail.net [13.76.78.106]) by mail2.ietf.org (Postfix) with ESMTP id 59CB7E55393D; Tue, 28 Apr 2026 19:14:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mail.zgclab.edu.cn; s=dkim; h=Received:Date:From:To:Cc:Subject: In-Reply-To:References:Content-Transfer-Encoding:Content-Type: MIME-Version:Message-ID; bh=kUNavZ71mgMgyrzGkKRZQ+Iz1asXKUvGDE+s vR/8eFI=; b=phUm+aQFfTZ4i2xjxsG7ywqwghEpAxviPpXSfyexfBKU3w16GF+T JtM8uvpT8cKlAmCheRHEng1qghY90hnUOsNtGxW9wEXsrIll8zaVjDdDwt+6b8qo 2xlIreBERIS9Jsf3lH7EIvaEiKvia0b+o7qGWBPYHnSqt8iWB9B9/W4=
Received: from qinlc$mail.zgclab.edu.cn ( [58.206.207.208] ) by ajax-webmail-web2 (Coremail) ; Wed, 29 Apr 2026 10:14:15 +0800 (GMT+08:00)
X-Originating-IP: [58.206.207.208]
Date: Wed, 29 Apr 2026 10:14:15 +0800
X-CM-HeaderCharset: UTF-8
From: Lancheng <qinlc@mail.zgclab.edu.cn>
To: Tommy Jensen <tojens.ietf@gmail.com>
X-Priority: 3
X-Mailer: Coremail Webmail Server Version 2024.2-cmXT5 build 20250909(015d6f0a) Copyright (c) 2002-2026 www.mailtech.cn mispb-4df55a87-4b50-4a66-85a0-70f79cb6c8b5-tsinghua.edu.cn
In-Reply-To: <1e26b3f8.48541.19d99e31025.Coremail.qinlc@mail.zgclab.edu.cn>
References: <177631942033.1164683.13244428492855625962@dt-datatracker-647897bf7-7f2k5> <1e26b3f8.48541.19d99e31025.Coremail.qinlc@mail.zgclab.edu.cn>
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="UTF-8"
MIME-Version: 1.0
Message-ID: <62e9f390.50336.19dd703fb0a.Coremail.qinlc@mail.zgclab.edu.cn>
X-Coremail-Locale: en_US
X-CM-TRANSID: yQQGZQC3k5t3afFpFIUnAQ--.48394W
X-CM-SenderInfo: xtlqzuo62juzldeovvfxof0/1tbiAQQMBmnxMytEVwAAsc
X-Coremail-Antispam: 1Ur529EdanIXcx71UUUUU7IcSsGvfJ3iIAIbVAYjsxI4VWDJw CS07vEb4IE77IF4wCS07vE1I0E4x80FVAKz4kxMIAIbVAFxVCaYxvI4VCIwcAKzIAtYxBI daVFxhVjvjDU=
Message-ID-Hash: 24A73R6QWRQGVOKQCHWSSAJRTSJNV6IU
X-Message-ID-Hash: 24A73R6QWRQGVOKQCHWSSAJRTSJNV6IU
X-MailFrom: qinlc@mail.zgclab.edu.cn
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: The IESG <iesg@ietf.org>, draft-ietf-savnet-intra-domain-problem-statement@ietf.org, savnet-chairs@ietf.org, savnet@ietf.org, song.xueyan2@zte.com.cn
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [savnet] Re: Tommy Jensen's Discuss on draft-ietf-savnet-intra-domain-problem-statement-23: (with DISCUSS and COMMENT)
List-Id: Source Address Validation in Intra-domain and Inter-domain Networks <savnet.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/savnet/WT-7KCM4l2hRJ6X1bleihaoRbgw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/savnet>
List-Help: <mailto:savnet-request@ietf.org?subject=help>
List-Owner: <mailto:savnet-owner@ietf.org>
List-Post: <mailto:savnet@ietf.org>
List-Subscribe: <mailto:savnet-join@ietf.org>
List-Unsubscribe: <mailto:savnet-leave@ietf.org>
Hi Tommy, We think your concern about Section 5.6 is reasonable. The previous text in Section 5.6 was too general and was not intended to describe a specific vulnerability that new intra-domain SAV mechanisms need to address. We would like to clarify that this document does not introduce new security considerations. Since Section 5.6 does not provide a requirement specific to intra-domain SAV, we plan to remove Section 5.6 in the next version of the draft: https://github.com/SAVNET-ProblemStatement-Architecture/Intra-domain-problem-statement/commit/eb11bb88f60d9b19649cfabc59985eb0a77c4869 Could this revision address your concern about Section 5.6? Best regards, Lancheng and co-authors > -----Original Messages----- > From: Lancheng <qinlc@mail.zgclab.edu.cn> > Send time:Friday, 17/04/2026 13:21:28 > To: "Tommy Jensen" <tojens.ietf@gmail.com> > Cc: "The IESG" <iesg@ietf.org>, draft-ietf-savnet-intra-domain-problem-statement@ietf.org, savnet-chairs@ietf.org, savnet@ietf.org, song.xueyan2@zte.com.cn > Subject: Re: [savnet] Tommy Jensen's Discuss on draft-ietf-savnet-intra-domain-problem-statement-23: (with DISCUSS and COMMENT) > > Hi Tommy, > > Thank you for your review. > > After re-evaluating the "vulnerability prevention" requirement, we agree that the current wording is too general and not specific to SAV mechanisms. We therefore believe that retaining this requirement may introduce ambiguity without providing clear, actionable requirement specific to SAV mechanisms. > > We plan to remove this requirement in the next revision. > > Best, > Lancheng and co-authors > > > > -----Original Messages----- > > From: "Tommy Jensen via Datatracker" <noreply@ietf.org> > > Send time:Thursday, 16/04/2026 14:03:40 > > To: "The IESG" <iesg@ietf.org> > > Cc: draft-ietf-savnet-intra-domain-problem-statement@ietf.org, savnet-chairs@ietf.org, savnet@ietf.org, song.xueyan2@zte.com.cn > > Subject: [savnet] Tommy Jensen's Discuss on draft-ietf-savnet-intra-domain-problem-statement-23: (with DISCUSS and COMMENT) > > > > Tommy Jensen has entered the following ballot position for > > draft-ietf-savnet-intra-domain-problem-statement-23: Discuss > > > > When responding, please keep the subject line intact and reply to all > > email addresses included in the To and CC lines. (Feel free to cut this > > introductory paragraph, however.) > > > > > > Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ > > for more information about how to handle DISCUSS and COMMENT positions. > > > > > > The document, along with other ballot positions, can be found here: > > https://datatracker.ietf.org/doc/draft-ietf-savnet-intra-domain-problem-statement/ > > > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > One sentence summary: I would like to discuss why the authors and WG believe > > this needs to be published as an RFC, and if that results in a good reason to > > do so, how the current hand waving of security requirements can be improved. > > > > I echo what other ADs are raising. In my experience, WGs do well with having > > their own requirements document with WG consensus but not publishing as an RFC. > > For example, add and deleg both took this approach. It would save going through > > the much more stringent bar of IESG review over what the WG knows they need to > > define success amongst themselves for future documents. > > > > However, I am reviewing as if there are good reasons to publish as an RFC that > > I'm not aware of. As such, I want to bring up the same bit Roman did, which > > jumped out at me: > > > > > Any new intra-domain SAV mechanism MUST NOT introduce additional > > > security vulnerabilities to existing intra-domain architectures or > > > protocols. > > > > As a WG document, I would say this is underspecified but maybe the WG knows > > what they mean. As an RFC, I do not think this is appropriate at all. Combining > > this with the Security Considerations that says this introduces no new > > considerations and I do not think this document says much that is meaningful to > > people outside your very specific context. It's possible some of this may be > > obvious to your WG even if not written down because of context for terminology > > (i.e. "vulnerability" means something specific like "attack surface represented > > by the presence of a node" to say "MUST NOT introduce additional hops to > > existing..."). If so, that needs to be defined here, as it currently could be > > interpreted as "MUST NOT introduce the potential for CVEs" or a number of other > > things that are quite difficult to mandate normatively. > > > > For an example of how security considerations can still apply to a requirements > > document, check out Section 4 of the add WG's requirements document (which is > > what their Security Considerations section links to): > > https://datatracker.ietf.org/doc/html/draft-ietf-add-requirements-00 > > > > All this becomes non-applicable if this is a document the WG writes for > > themselves, setting aside that then my review isn't needed anyway, because > > there's some wiggle room for WGs to "know what they meant" since the WG itself > > can shift its take on requirements as work on drafts meeting those requirements > > proceeds. This isn't a flexibility given once it is published as an RFC however. > > > > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > No additional commentary; I do not wish to waste the authors' time fine tuning > > the document since I think this document is probably reasonable as WG > > self-guidance for to measure how their drafts meet these requirements as it is. > > I highly encourage consideration of not publishing this as an RFC. > > > > > > > > -- > > savnet mailing list -- savnet@ietf.org > > To unsubscribe send an email to savnet-leave@ietf.org
- [savnet] Tommy Jensen's Discuss on draft-ietf-sav… Tommy Jensen via Datatracker
- [savnet] Re: Tommy Jensen's Discuss on draft-ietf… Lancheng
- [savnet] Re: Tommy Jensen's Discuss on draft-ietf… Lancheng
- [savnet] Re: Tommy Jensen's Discuss on draft-ietf… Tommy Jensen
- [savnet] Re: Tommy Jensen's Discuss on draft-ietf… Lancheng
- [savnet] Re: Tommy Jensen's Discuss on draft-ietf… Lancheng